Foundations Of Reverse Engineering
A first step course on the foundations of reverse engineering.
Abstract

Reverse engineering is a broad discipline that is used to solve many problems in areas like malware analysis, vulnerability discovery, protocol analysis and analysis of legacy systems. This course teaches the fundamental topics that make up reverse engineering and that are necessary for a complete grasp of the field. Following this course you will have a solid grasp of the fundamentals and be ready to advance to specialised fields such as vulnerability analysis and exploitation, and malware analysis.

This course introduces reverse engineering from first principles. The first stage of the course is to understand how bits and bytes are used to represent data and code inside our computer systems. Secondly, the course covers x86-64 extensively, and following this course the student will have a firm grasp of the assembly language itself and of how higher-level languages manifest themselves in assembly language. Finally, the course introduces how to use debuggers and disassemblers to reverse engineer binary applications.

This course is comprehensive and it covers a lot of knowledge and information. It takes a lot of effort to cover the foundations of a complex topic like reverse engineering, and to support this the course has more than 100 hands-on exercises that are tailor-made to optimise the learning experience.

Course Objectives
Learning Objectives

Understand how software is represented as data

Understand the x86-64 architecture and language

Be able to analyse binary applications using debuggers on both Linux and Windows

Be able to analyse binary applications using disassemblers and decompilers, focusing on the Ghidra disassembler


Who should attend?

This course is for people interested in getting started with reverse engineering and progressing in careers, e.g.

Incident responders

Threat analysts

Malware analysts

Vulnerability hunters

Security engineers

Any others who need to understand applications at the binary level

Course Syllabus

The course is divided into the following main sections. Each section is composed of a myriad of videos, notes, exercises, assignments and other forms of interactive learning.

Introduction
This section introduces and gives an overview of the course. We cover the motivation for studying reverse engineering, a high-level view of the topic and also present the composition of the course.
Programs as data
At the most basic level our computers are based on information that is represented as 1s and 0s. These 1s and 0s are inspired by the binary number system and it is through a sequence of layered abstractions that these 1s and 0s become the data that we observe on the monitor. As reverse engineers it is important to understand how these layered abstractions work, since we are often required to start the reverse engineering process only from what is represented in memory or on disk, namely the 1s and 0s. This section introduces the subject of representing computer programs as data, which is the first step in becoming a reverse engineer.
Introduction to x86-64 Architecture and Language - I
The x86-64 architecture is the most common CPU architecture for desktops and is also where most professional reverse engineering takes place. In this section we introduce the x86-64 machine language and architecture. We present how the programming language C is translated into assembly code, and also how to use tools like gcc, as, and objdump to work with assembly language. We also introduce the core x86-64 instructions that deal with arithmetic, data movement and control flow.
Introduction to x86-64 Architecture and Language - II
In this section we continue our study into the x86-64 architecture and machine language. We build on our knowledge from the previous section and go deeper into x86-64, by studying procedures, calling conventions and data structures. This section forms the last part of our introduction to x86-64 and in the following sections we will apply and use the knowledge provided in this and the previous section.
Reverse engineering with debuggers
This section is focused on introducing the concept of debuggers. We use debuggers to inspect the runtime of binary applications and this is one of the most important skills for reverse engineers. We introduce both debugging on Windows by way of x64dbg and also on Linux by way of gdb. In this section we also introduce the concept of crackmes, which is one of the most traditional ways of practicing reverse engineering.
Reverse engineering with disassemblers
The disassembler is one of the most well-known reverse engineering tools. In essence, disassemblers simply convert binary code into its corresponding assembly code. However, modern-day disassemblers are more like complex reverse engineering frameworks, and they can be difficult to master. In this section we introduce the concepts of disassembly and decompilation, and the tool Ghidra. Ghidra is an extensive reverse engineering framework developed by the NSA and is freely available as open source and binaries.
Course conclusion
This section concludes the course.
You get

Lecture videos

Lecture notes

Hands-on exercises of varying difficulty

24/7 access to platform and self-paced course

6 months subscription to online training platform

Instructor support throughout entire course

Course updates during subscription period

Looking to train your entire team?

ADA Logics offers business solutions that allow you to easily manage the training of your entire team.

To know more, get in touch now.

Have a question about this course?

Get in touch today with any questions that you might have.
